default key type to age and rename to age-key/pgp-key

Jörg Thalheim
2024-10-01 12:00:37 +02:00
committed by Mic92
parent 24973370b3
commit d909078033
2 changed files with 21 additions and 6 deletions


@@ -104,7 +104,8 @@ def maybe_get_user_or_machine(
for user in folder.iterdir(): for user in folder.iterdir():
if not (user / "key.json").exists(): if not (user / "key.json").exists():
continue continue
if read_key(user) == (pub_key, key_type): this_pub_key, this_key_type = read_key(user)
if pub_key == this_pub_key and key_type == this_key_type:
key.username = user.name key.username = user.name
return key return key


@@ -1,5 +1,4 @@
import argparse import argparse
import os
from pathlib import Path from pathlib import Path
from clan_cli.completions import add_dynamic_completer, complete_secrets, complete_users from clan_cli.completions import add_dynamic_completer, complete_secrets, complete_users
@@ -102,8 +101,15 @@ def add_command(args: argparse.Namespace) -> None:
if args.flake is None: if args.flake is None:
msg = "Could not find clan flake toplevel directory" msg = "Could not find clan flake toplevel directory"
raise ClanError(msg) raise ClanError(msg)
key_type = sops.KeyType.AGE if args.key_age else sops.KeyType.PGP if args.age_key or args.agekey:
key = args.key_age or args.key_pgp key_type = sops.KeyType.AGE
elif args.pgp_key:
key_type = sops.KeyType.PGP
else:
msg = "BUG!: key type not set"
raise ValueError(msg)
key = args.agekey or args.age_key or args.pgp_key
assert key is not None, "key is None"
add_user(args.flake.path, args.user, key, key_type, args.force) add_user(args.flake.path, args.user, key, key_type, args.force)
@@ -154,14 +160,22 @@ def register_users_parser(parser: argparse.ArgumentParser) -> None:
add_parser.add_argument("user", help="the name of the user", type=user_name_type) add_parser.add_argument("user", help="the name of the user", type=user_name_type)
key_type = add_parser.add_mutually_exclusive_group(required=True) key_type = add_parser.add_mutually_exclusive_group(required=True)
key_type.add_argument( key_type.add_argument(
"--key-age", "agekey",
help="public or private age key of the user. "
"Execute 'clan secrets key --help' on how to retrieve a key. "
"To fetch an age key from an SSH host key: ssh-keyscan <domain_name> | nix shell nixpkgs#ssh-to-age -c ssh-to-age",
type=public_or_private_age_key_type,
nargs="?",
)
key_type.add_argument(
"--age-key",
help="public or private age key of the user. " help="public or private age key of the user. "
"Execute 'clan secrets key --help' on how to retrieve a key. " "Execute 'clan secrets key --help' on how to retrieve a key. "
"To fetch an age key from an SSH host key: ssh-keyscan <domain_name> | nix shell nixpkgs#ssh-to-age -c ssh-to-age", "To fetch an age key from an SSH host key: ssh-keyscan <domain_name> | nix shell nixpkgs#ssh-to-age -c ssh-to-age",
type=public_or_private_age_key_type, type=public_or_private_age_key_type,
) )
key_type.add_argument( key_type.add_argument(
"--key-pgp", "--pgp-key",
help=( help=(
"public PGP encryption key of the user. " "public PGP encryption key of the user. "
"Execute `gpg -k --fingerprint --fingerprint` and remove spaces to get it." "Execute `gpg -k --fingerprint --fingerprint` and remove spaces to get it."
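Review bot: The new positional `agekey` and the renamed `--age-key` option in the register_users_parser hunk both advertise "public or private age key" in their help, and making the positional the default form invites passing a private key as a command-line argument, where it lands in shell history and is visible in process listings. Adding a user presumably only needs the public (recipient) key, so both help strings should say so, for example by appending `"Prefer the public key: a private key passed as an argument is visible in shell history and process listings."`. In the add_command hunk, `assert key is not None, "key is None"` is stripped under `python -O`; `if key is None: raise ClanError("key is None")` would keep the check and match the error style of the flake check just above it. Both enclosing functions extend beyond the hunks shown.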